ABOUT THE COMPANY:
FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations protect and enhance enterprise value in an increasingly complex legal, regulatory and economic environment. With more than 4,400 employees located in 26 countries, FTI Consulting professionals work closely with clients to anticipate, illuminate and overcome complex business challenges in areas such as investigations, litigation, mergers and acquisitions, regulatory issues, reputation management, strategic communications and restructuring. Our professionals are some of the most experienced leaders in their fields including: certified turnaround professionals, forensic accountants, corporate investigation specialists, intellectual property specialists, former political leaders, former chief executives, Nobel Laureate economists, banking and securities professionals, certified public accountants, e-discovery professionals, corporate, financial and crisis communications specialists, chartered financial analysts and industry experts. Since our founding in 1982, clients have turned to us for high-stakes issues that require specialized expertise. FTI Consulting was engaged to work on some of the biggest news stories of the last two decades including the Bernie Madoff investment securities scandal, the Stanford Financial Group investigation, the 2010 Gulf oil spill crisis, the Major League Baseball steroid investigation, and high profile corporate restructurings including Lehman Brothers, General Motors and CIT, just to name a few.
FTI Consulting continually strives to offer employees and eligible dependents, including domestic partners and eligible domestic partner children, a competitive and comprehensive benefits package.
FTI Consulting does not accept unsolicited resumes from external firms or agencies. FTI Consulting will not be responsible for placement fees associated with unsolicited resumes.
FTI Consulting is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, ancestry, citizenship status, protected veteran status, religion, physical or mental disability, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law, ordinance, or regulation.
FTI Consulting’s Corporate functions provide support to our client service professionals so they are able to meet and exceed the needs of our clients. Professionals within our Marketing and Communications, Information Technology, Finance and Accounting, Human Resources, Office Infrastructure, Legal, and Real Estate teams are dedicated to working together and delivering world class support across our global community.
ABOUT THE OPPORTUNITY:
Manager IT Security Compliance in the Corporate Information Technology Group - Enterprise Information Security and Privacy Division. This position is pivotal to the policy management and continuous improvement function of the Information Security Management System at FTI. Many process improvement opportunities/mandates arise from Risk Assessments, Vulnerability Assessments, Internal/External Audits, Compliance self-assessments and Privacy Regulation. The Manager of IT Security Compliance is responsible for prioritizing these action items and managing/coordinating compliance process improvement projects and activities across IT and multiple functions, including information technology, human resources, finance, corporate communications, legal, facilities management and other groups. Therefore, the Manager of IT Security Compliance is an actor of change, working with senior management to make risk-based decisions and coordinating with process owners for their implementation.
- Provide oversight and act as player/coach within the security/privacy compliance function.
- Plan and report on team activities using project/portfolio management methodology
- Participate in information security policy/standard/procedure development and maintenance in collaboration with business partners and management.
- Manage the “Policy Library” to ensure version control and periodic updates
- Maintain the policy/procedure awareness/training program within IT and across the enterprise
- Manage the policy exception process
- Assist in Risk/Vulnerability Management with focus on prioritizing, identifying, coordinating and tracking risk mitigation activities.
- Manage the Process Improvement Register/Log, coordinating cross-functional teams for risk-based continuous improvement
- Provide training, instruction and guidance to other staff members.
- Provide consultation to various FTI organizations upon request, providing consultation on specific projects on a short-term basis, and assisting in the resolution of problems identified. The scope extends to corporate and business segments with FTI leveraging technology.
- Manage the overall capabilities and operating framework (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
- Develop strategic relationships with vendors and technology suppliers.
- Assist in projecting hardware and software requirements, and analyze cost vs. benefit.
- Understand and keep abreast of emerging technologies and how they affect the business.
- Special projects as assigned
- Daily time entry to record billable and non-billable time
- Provide on-call support via cell-phone or pager 24 x 7 as needed
- Take on responsibilities as a backup or alternate for other IT staff
- Periodic travel if necessary with little notice
- 10+ years overall IT experience, with previous experience in various server, network and database administration roles, and previous management/personnel leadership roles
- 3+ years experience in Information Security Risk Management
- 5+ years experience in IT audit/Security Assessment/Certification and Accreditation and planning, as well as security/data privacy risk assessment.
- Strong understanding of information security principles, architecture and methodologies (including risk assessment)
- Knowledge of ISO 27001/27002 and GAPP security and privacy compliance frameworks
- Solid understanding of IT audit methodologies (especially Sarbanes-Oxley)
- Knowledge of COBIT, ITIL, PMBOK, BCBOK and other IT governance frameworks
- Excellent written and verbal communication skills
- Strong attention to detail
- A Positive Leader
- Flexible, Autonomous or Team player - i.e. able to work independently with little guidance, or as a team contributor in a fast-paced, deadline-driven environment
- Highly Organized
- Highly Adaptable to changing priorities
- Possesses and evidences comprehensive knowledge of all information systems technology disciplines, with a high level of technical/functional expertise and knowledge.
- Must have a solid understanding of information technology, information security and IT risk management
- Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff. Ability to effectively communicate and coordinate with senior business management and peers.
- Possesses solid understanding of regulatory compliance concerning Information Assets and Security, and must have strong working knowledge of pertinent laws and the law enforcement community.
- Strong business and technical process design and documentation skills; Experience with developing and supporting new technology business offerings.
- Industry expertise of best practices, standards, and technology.
- Experience in directing IT policies and procedures.
- Project Management Experience.
- Bachelor's Degree in Business, Management Information Systems or related field preferred; graduate degree a plus.
- Professional designations preferred: CISSP, CRISC and PMP; others: CISM, CIA, CISA, CPA, CBCP, CIPP/IT a plus. (Note: Must be able to complete CISSP certification)
POSITION CLASSIFICATION: Exempt